Hackers have recently been using Facebook ads to trick unsuspecting users into downloading malware on their Windows PCs. The ads, which feature images of scantily clad women, have led to over 100,000 downloads of a malware strain called Nodestealer. This malware is capable of stealing session cookies and login credentials, allowing hackers to break into a user’s Facebook account. This article will explore the details of this malicious advertising campaign and provide tips for users to protect themselves.
The Rise of Nodestealer
In May, Facebook itself disrupted a malware campaign on its platform that relied on Nodestealer. The company traced the origin of this malware to hackers in Vietnam. The initial campaign involved Nodestealer masquerading as fake PDF and XLSX files. However, in a disturbing development, Bitdefender, an antivirus vendor, recently observed the malware returning on Facebook, this time through the platform’s online ads.
Hijacked Facebook Accounts
Bitdefender researchers discovered multiple hijacked Facebook accounts being used in the attacks. At least 10 compromised business accounts continue to serve malicious ads to the public. These ads feature revealing photos of young women and are displayed under profile names such as “Album update,” “Hot Album Update Today,” and “Album Private Update Today.”
How the Malware Spreads
When a user clicks on one of these ads, a download is triggered on their PC. The download contains an archive file with an executable named “Photo Album.” However, this program is actually a disguised version of Nodestealer. Attackers use short descriptions such as “New stuff is online today” and “Watch now before it’s deleted” to entice users into downloading the media archive.
New Functions of Nodestealer
The hackers have also upgraded Nodestealer with new functions. The malware is now capable of stealing from cryptocurrency wallets and downloading additional malware. Bitdefender has identified multiple iterations of the same ad used in about 140 malicious ad campaigns. This indicates that the hackers behind this campaign are actively working to spread the malware.
Facebook has not yet responded to the recent resurgence of Nodestealer on its platform. This is concerning, as the malicious advertising campaign remains active. Users should be on guard and take steps to protect themselves from falling victim to this malware.
How to Protect Yourself
To protect yourself from falling prey to this malicious advertising campaign, it is important to follow these steps:
- Be cautious of ads featuring revealing photos of young women, especially if they are displayed under suspicious profile names.
- Avoid clicking on ads that promise new or exclusive content, particularly if they use urgent or sensational language.
- Install a reputable antivirus program on your Windows PC and keep it updated to detect and remove malware.
- Regularly update your operating system and software to patch any vulnerabilities that hackers could exploit.
- Be wary of downloading files from unknown sources, especially if they are disguised as media archives or documents.
- Enable two-factor authentication on your Facebook account to add an extra layer of security.
- Regularly monitor your Facebook account for any suspicious activity, such as unrecognized logins or posts.
By following these steps, you can reduce the risk of falling victim to Nodestealer or any other malware spread through Facebook ads.
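The "Photo Album" lure described above works because an archive can hide a program among, or behind the name of, media files. The following added example (not from Bitdefender or the original article) lists the entries of a downloaded archive that would run as programs, without extracting anything. It assumes the archive is a ZIP, which the article does not specify, and the function names and sample file names are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly when double-clicked (common set, not exhaustive).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".vbs", ".js", ".lnk"}

def find_executables(archive_bytes):
    """Return (entry name, reason) pairs for ZIP entries that would run as programs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in EXEC_EXTS:
                findings.append((info.filename, "executable extension " + ext))
            elif info.flag_bits & 0x1:
                # Encrypted entries cannot be read without the password.
                findings.append((info.filename, "encrypted, content not inspected"))
            else:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ":  # DOS/PE header of a Windows program
                        reason = "PE header behind " + (ext or "no") + " extension"
                        findings.append((info.filename, reason))
    return findings

def build_sample_archive():
    """Constructed sample: harmless placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Photo Album.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("album/cover.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
        zf.writestr("album/preview.jpg", b"MZ" + b"\x00" * 62)
        zf.writestr("album/notes.txt", b"placeholder text")
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in find_executables(build_sample_archive()):
        print(f"{name}: {reason}")
```

A genuine photo album has no reason to contain any entry this check reports, so a single finding is enough to delete the archive unopened.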
Hackers are using Facebook ads featuring images of scantily clad women to lure unsuspecting users into downloading the Nodestealer malware. This malware can steal session cookies and login credentials, potentially allowing hackers to gain access to a user’s Facebook account. The recent resurgence of Nodestealer on Facebook is concerning, as it indicates an ongoing malicious advertising campaign. Users should be cautious and take steps to protect themselves, including being wary of ads with revealing photos, avoiding suspicious downloads, and keeping their antivirus software and operating system updated. By staying vigilant, users can avoid falling victim to this malware.